Compromised data goes public as Staminus recovers from attack

Over the weekend, nearly 50GB of compromised data was published to the web after an attacker completely compromised Staminus, a security firm focused on DDoS mitigation.

The Staminus breach affects a wide spectrum of websites, from domains in the Minecraft community to hate websites maintained by the Ku Klux Klan (KKK).

On Friday, the person(s) responsible for the Staminus attack (a group known as FTA) posted a lengthy message detailing the ransacking of the company and mocking its security posture and practices.

The message itself served as proof positive of the attack, complete with configuration files, network routing outlines, and database schemas. In addition, the post listed examples of poorly protected customer passwords (MD5 with what appears to be a five-character salt) and the use of a single root password across multiple critical systems (St4m|nu5).